Risky Business

Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD

Oct 29, 2025
Adam Boileau, a security researcher known for his insights into cyber incidents, joins Matt Muller, Field CISO at Tines, to discuss the week's biggest cybersecurity news. They tackle the shocking allegations against an L3Harris executive accused of selling exploits to Russia and dissect a serious, actively exploited vulnerability in Microsoft WSUS whose patch had to be reissued. Adam also explains how predictable PRNG flaws have revived DNS cache poisoning threats. Meanwhile, Matt elaborates on Tines' use of AI to streamline SOC workflows and improve automation.
INSIGHT

Ex-Intelligence Staff Tied To Exploit Theft

  • L3Harris Trenchant's alleged insider (Peter Williams) previously worked at the Australian Signals Directorate and rose quickly in the private exploit industry.
  • His alleged theft of multiple exploits highlights the insider risk that arises when intelligence staff move to private-sector offensive tooling firms.
INSIGHT

WSUS Deserialization Bugs Led To Active Exploitation

  • WSUS had multiple deserialization flaws: one was patched in 2023, and a second, a pre-auth RCE, is now under active exploitation.
  • Microsoft mis-triaged the issue and had to reissue patches, leaving many internet-exposed WSUS instances vulnerable in the meantime.
INSIGHT

Credential Guard Extraction Via RDP Pathways

  • SpecterOps developed a method to extract credentials protected by Credential Guard via its RDP integration, expanding the set of known credential-theft techniques.
  • Microsoft deemed the behavior "intended," so defenders must mitigate this new, practical technique themselves rather than wait for a fix.